From: Daddy on
I'm asking for opinions on whether an outbound (software) firewall is
still necessary, but first here's a little background to put my question
in context.

The reason I'm asking is because I have this "thing" about running a
lean configuration.

The question I'm asking is only applicable to users who are
knowledgeable about security risks and conscientious in their practice
of safe computing in the first place. I like to imagine myself in that
group.

If your outbound firewall is alerting you, that means you're already
infected. Malware got past your own defenses and those provided by your
malware detector. But those malware detectors are getting better all the
time.

My question boils down to this: Is the added overhead of a third-party
software firewall - and the effort needed to understand what the he**
it's doing - worthwhile in light of the advances being made by malware
detectors?

The better malware detectors are updated continuously and their response
to zero-day exploits is getting better and better. They increasingly
rely on behavioral analysis and they're getting better at it.

Sure, there's nothing wrong with a belt-and-suspenders approach to
security, but when do you say "enough"?. Do you need KIS if you have
KAV? Still need NIS if you have NAV? Enough with the poetry...you get my
drift.

Daddy
From: Steve W. on
Daddy wrote:
> I'm asking for opinions on whether an outbound (software) firewall is
> still necessary, but first here's a little background to put my question
> in context.
>
> The reason I'm asking is because I have this "thing" about running a
> lean configuration.
>
> The question I'm asking is only applicable to users who are
> knowledgeable about security risks and conscientious in their practice
> of safe computing in the first place. I like to imagine myself in that
> group.
>
> If your outbound firewall is alerting you, that means you're already
> infected. Malware got past your own defenses and those provided by your
> malware detector. But those malware detectors are getting better all the
> time.
>
> My question boils down to this: Is the added overhead of a third-party
> software firewall - and the effort needed to understand what the he**
> it's doing - worthwhile in light of the advances being made by malware
> detectors?
>
> The better malware detectors are updated continuously and their response
> to zero-day exploits is getting better and better. They increasingly
> rely on behavioral analysis and they're getting better at it.
>
> Sure, there's nothing wrong with a belt-and-suspenders approach to
> security, but when do you say "enough"?. Do you need KIS if you have
> KAV? Still need NIS if you have NAV? Enough with the poetry...you get my
> drift.
>
> Daddy

I would say it is even higher priority now than it was to have an
outgoing firewall. Look at how many of the latest viruses have been able
to shut down the AV and AS products. About the only way your going to
notice those is when they start sending out traffic.


--
Steve W.
From: Shel on
On Thu, 17 Dec 2009 15:06:44 -0500, Daddy <daddy(a)invalid.invalid>
wrote:

>I'm asking for opinions on whether an outbound (software) firewall is
>still necessary, but first here's a little background to put my question
>in context.
>
>The reason I'm asking is because I have this "thing" about running a
>lean configuration.
>
>The question I'm asking is only applicable to users who are
>knowledgeable about security risks and conscientious in their practice
>of safe computing in the first place. I like to imagine myself in that
>group.
>
>If your outbound firewall is alerting you, that means you're already
>infected. Malware got past your own defenses and those provided by your
>malware detector. But those malware detectors are getting better all the
>time.
>
>My question boils down to this: Is the added overhead of a third-party
>software firewall - and the effort needed to understand what the he**
>it's doing - worthwhile in light of the advances being made by malware
>detectors?
>
>The better malware detectors are updated continuously and their response
>to zero-day exploits is getting better and better. They increasingly
>rely on behavioral analysis and they're getting better at it.
>
>Sure, there's nothing wrong with a belt-and-suspenders approach to
>security, but when do you say "enough"?. Do you need KIS if you have
>KAV? Still need NIS if you have NAV? Enough with the poetry...you get my
>drift.
>
>Daddy

Do away with all your security software, and install the free
Microsoft Security Essentials. I have been using it for two months
with no problems.
From: RnR on
On Thu, 17 Dec 2009 15:06:44 -0500, Daddy <daddy(a)invalid.invalid>
wrote:

>I'm asking for opinions on whether an outbound (software) firewall is
>still necessary, but first here's a little background to put my question
>in context.
>
>The reason I'm asking is because I have this "thing" about running a
>lean configuration.
>
>The question I'm asking is only applicable to users who are
>knowledgeable about security risks and conscientious in their practice
>of safe computing in the first place. I like to imagine myself in that
>group.
>
>If your outbound firewall is alerting you, that means you're already
>infected. Malware got past your own defenses and those provided by your
>malware detector. But those malware detectors are getting better all the
>time.
>
>My question boils down to this: Is the added overhead of a third-party
>software firewall - and the effort needed to understand what the he**
>it's doing - worthwhile in light of the advances being made by malware
>detectors?
>
>The better malware detectors are updated continuously and their response
>to zero-day exploits is getting better and better. They increasingly
>rely on behavioral analysis and they're getting better at it.
>
>Sure, there's nothing wrong with a belt-and-suspenders approach to
>security, but when do you say "enough"?. Do you need KIS if you have
>KAV? Still need NIS if you have NAV? Enough with the poetry...you get my
>drift.
>
>Daddy


Tough call. What I will say is that no matter what you decide, have a
clean backup because there is no such thing as bullet proof
protection. You'll appreciate the backup when all else fails.
From: Bob Villa on
On Dec 17, 2:06 pm, Daddy <da...(a)invalid.invalid> wrote:
> I'm asking for opinions on whether an outbound (software) firewall is
> still necessary, but first here's a little background to put my question
> in context.
>
> The reason I'm asking is because I have this "thing" about running a
> lean configuration.
>
> The question I'm asking is only applicable to users who are
> knowledgeable about security risks and conscientious in their practice
> of safe computing in the first place. I like to imagine myself in that
> group.
>
> If your outbound firewall is alerting you, that means you're already
> infected. Malware got past your own defenses and those provided by your
> malware detector. But those malware detectors are getting better all the
> time.
>
> My question boils down to this: Is the added overhead of a third-party
> software firewall - and the effort needed to understand what the he**
> it's doing - worthwhile in light of the advances being made by malware
> detectors?
>
> The better malware detectors are updated continuously and their response
> to zero-day exploits is getting better and better. They increasingly
> rely on behavioral analysis and they're getting better at it.
>
> Sure, there's nothing wrong with a belt-and-suspenders approach to
> security, but when do you say "enough"?. Do you need KIS if you have
> KAV? Still need NIS if you have NAV? Enough with the poetry...you get my
> drift.
>
> Daddy

From what I have heard, if you are behind a hardware firewall with
good password protection...then all that is needed is the Windows
(XP,Vista,Win7) firewall.

bob_v